Manage keys
This document explains how to manage keys when using Concrete, introducing the key management API for generating, reusing, and securely handling keys.
Concrete generates keys lazily when needed. While this is convenient for development, it's not ideal for the production environment. The explicit key management API is available for you to easily generate and reuse keys as needed.
Definition
Let's start by defining a circuit with the following example:
Circuits have a keys property of type fhe.Keys, which includes several utilities for key management.
Generation
To explicitly generate keys for a circuit, use:
Generated keys are stored in memory and remain unencrypted.
You can also set a custom seed for reproducibility:
Do not specify the seed manually in a production environment! This is not secure and should only be done for debugging purposes.
Serialization
To serialize keys, for tasks such as sending them across a network, use:
Keys are not serialized in encrypted form. Please make sure you keep them in a safe environment, or encrypt them manually after serialization.
Deserialization
To deserialize the keys back after receiving serialized keys, use:
Assignment
Once you have a valid fhe.Keys object, you can directly assign it to the circuit:
If assigned keys are generated for a different circuit, an exception will be raised.
Saving
You can also use the filesystem to store the keys directly, without managing serialization and file management manually:
Keys are not saved in encrypted form. Please make sure you store them in a safe environment, or encrypt them manually after saving.
Loading
After saving keys to disk, you can load them back using:
Automatic Management
If you want to generate keys in the first run and reuse the keys in consecutive runs, use:
Last updated